﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data.SqlServerCe;
using System.Configuration;

/// <summary>
/// 表示统一认证系统的数据管理器。
/// </summary>
public static class IASDataManager
{
    /// <summary>
    /// 注册一个新的用户。
    /// </summary>
    /// <param name="user">新的用户。</param>
    /// <returns>返回一个 bool 值表示该次注册是否成功。若指定的用户名已被占用，则返回 false 。</returns>
    /// <exception cref="System.InvalidOperationException"></exception>
    /// <exception cref="System.Data.SqlServerCe.SqlCeException"></exception>
    public static bool RegisterNewUser(User user)
    {
        SqlCeConnection conn = new SqlCeConnection(ConfigurationManager.ConnectionStrings["ConnectionString_IASDatabase"].ToString());
        SqlCeCommand cmd = new SqlCeCommand(
            "INSERT INTO [User] ([Username], [Password]) VALUES (@Username, @Password)",
            conn);
        cmd.Parameters.AddWithValue("@Username", user.Username);
        cmd.Parameters.AddWithValue("@Password", user.Password);

        try
        {
            conn.Open();
            cmd.ExecuteNonQuery();
            return true;
        }
        catch (System.InvalidOperationException eInvalidOperation)
        {
            throw eInvalidOperation;
        }
        catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
        {
            throw eSqlCe;
        }
        finally
        {
            conn.Close();
        }
    }

    /// <summary>
    /// 通过指定的用户名查询一个用户。
    /// </summary>
    /// <param name="username">指定的用户名。</param>
    /// <returns>返回一个 User 对象表示查询到的用户。若该指定的用户名不存在，则返回 null 。</returns>
    /// <exception cref="System.InvalidOperationException"></exception>
    /// <exception cref="System.Data.SqlServerCe.SqlCeException"></exception>
    public static User QueryUser(string username)
    {
        SqlCeConnection conn = new SqlCeConnection(ConfigurationManager.ConnectionStrings["ConnectionString_IASDatabase"].ToString());
        SqlCeCommand cmd = new SqlCeCommand(
            "SELECT * FROM [User] WHERE [Username] = @Username",
            conn);
        cmd.Parameters.AddWithValue("@Username", username);

        try
        {
            conn.Open();
            SqlCeDataReader reader = cmd.ExecuteReader();
            User user = null;
            if (reader.Read())
            {
                user = new User(reader["Username"].ToString(), reader["Password"].ToString());
                conn.Close();
                return user;
            }
            else
            {
                conn.Close();
                return null;
            }
        }
        catch (System.InvalidOperationException eInvalidOperation)
        {
            throw eInvalidOperation;
        }
        catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
        {
            throw eSqlCe;
        }
        finally
        {
            conn.Close();
        }
    }

    /// <summary>
    /// 通过指定的用户名更新一个用户。
    /// </summary>
    /// <param name="user">指定的的用户名及新的用户信息。</param>
    /// <returns>返回一个 bool 值表示更新结果。若指定的用户名不存在，则返回 false 。</returns>
    /// <exception cref="System.InvalidOperationException"></exception>
    /// <exception cref="System.Data.SqlServerCe.SqlCeException"></exception>
    public static bool UpdateUser(User user)
    {
        SqlCeConnection conn = new SqlCeConnection(ConfigurationManager.ConnectionStrings["ConnectionString_IASDatabase"].ToString());
        SqlCeCommand cmd = new SqlCeCommand(
            "UPDATE [User] SET [Password] = @Password WHERE [Username] = @Username",
            conn);
        cmd.Parameters.AddWithValue("@Username", user.Username);
        cmd.Parameters.AddWithValue("@Password", user.Password);

        try
        {
            conn.Open();
            if (cmd.ExecuteNonQuery() > 0)
            {
                return true;
            }
            else
            {
                return false;
            }
        }
        catch (System.InvalidOperationException eInvalidOperation)
        {
            throw eInvalidOperation;
        }
        catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
        {
            throw eSqlCe;
        }
        finally
        {
            conn.Close();
        }
    }


    /// <summary>
    /// 通过指定的用户名更新或增添一个用户的注册信息。
    /// </summary>
    /// <param name="regstrationInfo">指定的用户名及用户的注册信息。</param>
    /// <returns>返回一个 bool 值表示更新或增添是否成功。若指定的用户名不存在，则返回 false 。</returns>
    /// <exception cref="System.InvalidOperationException"></exception>
    /// <exception cref="System.Data.SqlServerCe.SqlCeException"></exception>
    public static bool UpdateOrAppendRegistrationInfo(RegistrationInfo regstrationInfo)
    {
        // Check existence of User
        try
        {
            if (QueryUser(regstrationInfo.Username) == null) return false;
        }
        catch (System.InvalidOperationException eInvalidOperation)
        {
            throw eInvalidOperation;
        }
        catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
        {
            throw eSqlCe;
        }

        // Try to update the record
        SqlCeConnection conn = new SqlCeConnection(ConfigurationManager.ConnectionStrings["ConnectionString_IASDatabase"].ToString());
        SqlCeCommand cmdUpdate = new SqlCeCommand(
            "UPDATE [RegistrationInfo] " +
            "SET [RegistrationEmail] = @RegistrationEmail, " +
                "[PasswordQuestion] = @PasswordQuestion, " +
                "[PasswordAnswer] = @PasswordAnswer " +
            "WHERE [Username] = @Username",
            conn);
        cmdUpdate.Parameters.AddWithValue("@Username", regstrationInfo.Username);
        cmdUpdate.Parameters.AddWithValue("@RegistrationEmail", regstrationInfo.RegistrationEmail);
        cmdUpdate.Parameters.AddWithValue("@PasswordQuestion", regstrationInfo.PasswordQuestion);
        cmdUpdate.Parameters.AddWithValue("@PasswordAnswer", regstrationInfo.PasswordAnswer);

        bool recordExists = true;
        try
        {
            conn.Open();
            if (cmdUpdate.ExecuteNonQuery() == 0) recordExists = false;
        }
        catch (System.InvalidOperationException eInvalidOperation)
        {
            throw eInvalidOperation;
        }
        catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
        {
            throw eSqlCe;
        }
        finally
        {
            conn.Close();
        }

        // No record then append
        if (!recordExists)
        {
            SqlCeCommand cmdAppend = new SqlCeCommand(
                "INSERT INTO [RegistrationInfo] ([Username], [RegistrationEmail], [PasswordQuestion], [PasswordAnswer]) " + 
                "VALUES (@Username, @RegistrationEmail, @PasswordQuestion, @PasswordAnswer)",
                conn);
            cmdAppend.Parameters.AddWithValue("@Username", regstrationInfo.Username);
            cmdAppend.Parameters.AddWithValue("@RegistrationEmail", regstrationInfo.RegistrationEmail);
            cmdAppend.Parameters.AddWithValue("@PasswordQuestion", regstrationInfo.PasswordQuestion);
            cmdAppend.Parameters.AddWithValue("@PasswordAnswer", regstrationInfo.PasswordAnswer);
            
            try
            {
                conn.Open();
                cmdAppend.ExecuteNonQuery();
            }
            catch (System.InvalidOperationException eInvalidOperation)
            {
                throw eInvalidOperation;
            }
            catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
            {
                throw eSqlCe;
            }
            finally
            {
                conn.Close();
            }
        }

        // Return success
        return true;
    }
    
    /// <summary>
    /// 通过指定的用户名查询一个用户的注册信息。
    /// </summary>
    /// <param name="username">指定的用户名。</param>
    /// <returns>返回一个 RegistrationInfo 表示查询到的用户的注册信息。若指定的用户名或记录不存在，则返回 null 。</returns>
    public static RegistrationInfo QueryRegistrationInfo(string username);

    
    /// <summary>
    /// 通过指定的用户名更新或增添一个用户的个人信息。
    /// </summary>
    /// <param name="personalInfo">指定的用户名及用户的个人信息。</param>
    /// <returns>返回一个 bool 值表示更新或增添是否成功。若指定的用户名不存在，则返回 false。</returns>
    /// <exception cref="System.InvalidOperationException"></exception>
    /// <exception cref="System.Data.SqlServerCe.SqlCeException"></exception>
    public static bool UpdateOrAppendPersonalInfo(PersonalInfo personalInfo)
    {
        // Check existence of User
        try
        {
            if (QueryUser(personalInfo.Username) == null) return false;
        }
        catch (System.InvalidOperationException eInvalidOperation)
        {
            throw eInvalidOperation;
        }
        catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
        {
            throw eSqlCe;
        }

        // Try to update the record
        SqlCeConnection conn = new SqlCeConnection(ConfigurationManager.ConnectionStrings["ConnectionString_IASDatabase"].ToString());
        SqlCeCommand cmdUpdate = new SqlCeCommand(
            "UPDATE [PersonalInfo] " +
            "SET [Nickname] = @Nickname, " +
                "[RealName] = @RealName, " +
                "[Birthday] = @Birthday, " +
                "[IdentityCardNumber] = @IdentityCardNumber " +
            "WHERE [Username] = @Username",
            conn);
        cmdUpdate.Parameters.AddWithValue("@Username", personalInfo.Username);
        cmdUpdate.Parameters.AddWithValue("@Nickname", personalInfo.Nickname);
        cmdUpdate.Parameters.AddWithValue("@RealName", personalInfo.RealName);
        cmdUpdate.Parameters.AddWithValue("@Birthday", personalInfo.Birthday);
        cmdUpdate.Parameters.AddWithValue("@IdentityCardNumber", personalInfo.IdentityCardNumber);

        bool recordExists = true;
        try
        {
            conn.Open();
            if (cmdUpdate.ExecuteNonQuery() == 0) recordExists = false;
        }
        catch (System.InvalidOperationException eInvalidOperation)
        {
            throw eInvalidOperation;
        }
        catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
        {
            throw eSqlCe;
        }
        finally
        {
            conn.Close();
        }

        // No record then append
        if (!recordExists)
        {
            SqlCeCommand cmdAppend = new SqlCeCommand(
                "INSERT INTO [PersonalInfo] ([Username], [Nickname], [RealName], [Birthday], [IdentityCardNumber]) " +
                "VALUES (@Username, @Nickname, @RealName, @Birthday, @IdentityCardNumber)",
                conn);
            cmdAppend.Parameters.AddWithValue("@Username", personalInfo.Username);
            cmdAppend.Parameters.AddWithValue("@Nickname", personalInfo.Nickname);
            cmdAppend.Parameters.AddWithValue("@RealName", personalInfo.RealName);
            cmdAppend.Parameters.AddWithValue("@Birthday", personalInfo.Birthday);
            cmdAppend.Parameters.AddWithValue("@IdentityCardNumber", personalInfo.IdentityCardNumber);

            try
            {
                conn.Open();
                cmdAppend.ExecuteNonQuery();
            }
            catch (System.InvalidOperationException eInvalidOperation)
            {
                throw eInvalidOperation;
            }
            catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
            {
                throw eSqlCe;
            }
            finally
            {
                conn.Close();
            }
        }

        // Return success
        return true;
    }

    /// <summary>
    /// 通过指定的用户名查询一个用户的个人信息。
    /// </summary>
    /// <param name="username">指定的用户名。</param>
    /// <returns>返回一个 PerosonalInfo 表示查询到的用户个人信息。若指定的用户名或记录不存在，则返回 null。</returns>
    public static PersonalInfo QueryPersonalInfo(string username);


    /// <summary>
    /// 通过指定的用户名更新或增添一个用户的联系信息。
    /// </summary>
    /// <param name="contactInfo">指定的用户名及用户的联系信息。</param>
    /// <returns>返回一个 bool 值表示更新或增添是否成功。若指定的用户名不存在，则返回 false。</returns>
    /// <exception cref="System.InvalidOperationException"></exception>
    /// <exception cref="System.Data.SqlServerCe.SqlCeException"></exception>
    public static bool UpdateOrAppendContactInfo(ContactInfo contactInfo)
    {
        // Check existence of User
        try
        {
            if (QueryUser(contactInfo.Username) == null) return false;
        }
        catch (System.InvalidOperationException eInvalidOperation)
        {
            throw eInvalidOperation;
        }
        catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
        {
            throw eSqlCe;
        }

        // Try to update the record
        SqlCeConnection conn = new SqlCeConnection(ConfigurationManager.ConnectionStrings["ConnectionString_IASDatabase"].ToString());
        SqlCeCommand cmdUpdate = new SqlCeCommand(
            "UPDATE [ContactInfo] " +
            "SET [ContactEmail] = @ContactEmail, " +
                "[PhoneNumber] = @PhoneNumber, " +
                "[QQNumber] = @QQNumber, " +
                "[PersonalWebsiteURL] = @PersonalWebsiteURL, " +
                "[SinaWeiboURL] = @SinaWeiboURL, " +
                "[RenrenURL] = @RenrenURL, " +
                "[FacebookURL] = @FacebookURL, " +
                "[TwitterURL] = @TwitterURL " +
            "WHERE [Username] = @Username",
            conn);
        cmdUpdate.Parameters.AddWithValue("@Username", contactInfo.Username);
        cmdUpdate.Parameters.AddWithValue("@ContactEmail", contactInfo.ContactEmail);
        cmdUpdate.Parameters.AddWithValue("@PhoneNumber", contactInfo.PhoneNumber);
        cmdUpdate.Parameters.AddWithValue("@QQNumber", contactInfo.QQNumber);
        cmdUpdate.Parameters.AddWithValue("@PersonalWebsiteURL", contactInfo.PersonalWebsiteURL);
        cmdUpdate.Parameters.AddWithValue("@SinaWeiboURL", contactInfo.SinaWeiboURL);
        cmdUpdate.Parameters.AddWithValue("@RenrenURL", contactInfo.RenrenURL);
        cmdUpdate.Parameters.AddWithValue("@FacebookURL", contactInfo.FacebookURL);
        cmdUpdate.Parameters.AddWithValue("@TwitterURL", contactInfo.TwitterURL);

        bool recordExists = true;
        try
        {
            conn.Open();
            if (cmdUpdate.ExecuteNonQuery() == 0) recordExists = false;
        }
        catch (System.InvalidOperationException eInvalidOperation)
        {
            throw eInvalidOperation;
        }
        catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
        {
            throw eSqlCe;
        }
        finally
        {
            conn.Close();
        }

        // No record then append
        if (!recordExists)
        {
            SqlCeCommand cmdAppend = new SqlCeCommand(
                "INSERT INTO [RegistrationInfo] ([Username], [ContactEmail], [PhoneNumber], [QQNumber], [PersonalWebsiteURL], [SinaWeiboURL], [RenrenURL], [FacebookURL], [TwitterURL]) " +
                "VALUES (@Username, @ContactEmail, @PhoneNumber, @QQNumber, @PersonalWebsiteURL, @SinaWeiboURL, @RenrenURL, @FacebookURL, @TwitterURL)",
                conn);
            cmdAppend.Parameters.AddWithValue("@Username", contactInfo.Username);
            cmdAppend.Parameters.AddWithValue("@ContactEmail", contactInfo.ContactEmail);
            cmdAppend.Parameters.AddWithValue("@PhoneNumber", contactInfo.PhoneNumber);
            cmdAppend.Parameters.AddWithValue("@QQNumber", contactInfo.QQNumber);
            cmdAppend.Parameters.AddWithValue("@PersonalWebsiteURL", contactInfo.PersonalWebsiteURL);
            cmdAppend.Parameters.AddWithValue("@SinaWeiboURL", contactInfo.SinaWeiboURL);
            cmdAppend.Parameters.AddWithValue("@RenrenURL", contactInfo.RenrenURL);
            cmdAppend.Parameters.AddWithValue("@FacebookURL", contactInfo.FacebookURL);
            cmdAppend.Parameters.AddWithValue("@TwitterURL", contactInfo.TwitterURL);

            try
            {
                conn.Open();
                cmdAppend.ExecuteNonQuery();
            }
            catch (System.InvalidOperationException eInvalidOperation)
            {
                throw eInvalidOperation;
            }
            catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
            {
                throw eSqlCe;
            }
            finally
            {
                conn.Close();
            }
        }

        // Return success
        return true;
    }

    /// <summary>
    /// 通过指定的用户名查询一个用户的联系信息。
    /// </summary>
    /// <param name="username">指定的用户名。</param>
    /// <returns>返回一个 ContactInfo 表示查询到的用户联系信息。若指定的用户名或记录不存在，则返回 null。</returns>
    public static ContactInfo QueryContactInfo(string username);


    /// <summary>
    /// 通过指定的用户名更新或增添一个学生记录。（经过认证的）
    /// </summary>
    /// <param name="student">指定的用户名及学生记录。</param>
    /// <returns>返回一个 bool 值表示更新或增添是否成功。若指定的用户名不存在，或者学号已被注册，则返回 false。</returns>
    /// <exception cref="System.InvalidOperationException"></exception>
    /// <exception cref="System.Data.SqlServerCe.SqlCeException"></exception>
    public static bool UpdateOrAppendAuth_StudentRecord(Auth_Student student)
    {
        // Check existence of User
        try
        {
            if (QueryUser(student.Username) == null) return false;
        }
        catch (System.InvalidOperationException eInvalidOperation)
        {
            throw eInvalidOperation;
        }
        catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
        {
            throw eSqlCe;
        }

        // Check existence of Student ID
        SqlCeConnection conn = new SqlCeConnection(ConfigurationManager.ConnectionStrings["ConnectionString_IASDatabase"].ToString());
        SqlCeCommand cmdCheckID = new SqlCeCommand(
            "SELECT * FROM [auth_Student] WHERE [StudentID] = @StudentID",
            conn);
        cmdCheckID.Parameters.AddWithValue("@StudentID", student.StudentID);

        bool studentIDExists = false;
        try
        {
            conn.Open();
            SqlCeDataReader reader = cmdCheckID.ExecuteReader();
            if (reader.Read()) studentIDExists = true;
        }
        catch (System.InvalidOperationException eInvalidOperation)
        {
            throw eInvalidOperation;
        }
        catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
        {
            throw eSqlCe;
        }
        finally
        {
            conn.Close();
        }
        if (studentIDExists) return false;

        // Try to update the record
        SqlCeCommand cmdUpdate = new SqlCeCommand(
            "UPDATE [auth_Student] " +
            "SET [StudentID] = @StudentID " +
            "WHERE [Username] = @Username",
            conn);
        cmdUpdate.Parameters.AddWithValue("@Username", student.Username);
        cmdUpdate.Parameters.AddWithValue("@StudentID", student.StudentID);

        bool recordExists = true;
        try
        {
            conn.Open();
            if (cmdUpdate.ExecuteNonQuery() == 0) recordExists = false;
        }
        catch (System.InvalidOperationException eInvalidOperation)
        {
            throw eInvalidOperation;
        }
        catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
        {
            throw eSqlCe;
        }
        finally
        {
            conn.Close();
        }

        // No record then append
        if (!recordExists)
        {
            SqlCeCommand cmdAppend = new SqlCeCommand(
                "INSERT INTO [auth_Student] ([Username], [StudentID]) " +
                "VALUES (@Username, @StudentID)",
                conn);
            cmdAppend.Parameters.AddWithValue("@Username", student.Username);
            cmdAppend.Parameters.AddWithValue("@StudentID", student.StudentID);

            try
            {
                conn.Open();
                cmdAppend.ExecuteNonQuery();
            }
            catch (System.InvalidOperationException eInvalidOperation)
            {
                throw eInvalidOperation;
            }
            catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
            {
                throw eSqlCe;
            }
            finally
            {
                conn.Close();
            }
        }

        // Return success
        return true;
    }

    /// <summary>
    /// 通过指定的用户名查询一个学生记录。（经过验证的）
    /// </summary>
    /// <param name="username">指定的用户名。</param>
    /// <returns>返回一个 Auth_Student 表示查询到的学生记录。若指定的用户名或记录不存在，则返回 null。</returns>
    public static Auth_Student QueryAuth_StudentRecordByUsername(string username);

    /// <summary>
    /// 通过指定的学号查询一个学生记录。（经过验证的）
    /// </summary>
    /// <param name="studentID">指定的学号。</param>
    /// <returns>返回一个 Auth_Student 表示查询到的学生记录。若指定的记录不存在，则返回 null。</returns>
    public static Auth_Student QueryAuth_StudentRecordByStudentID(string studentID);


    /// <summary>
    /// 通过指定的用户名更新或增添一个学生的个人信息。（经过验证的）
    /// </summary>
    /// <param name="personalInfo">指定的用户名及学生的个人信息。</param>
    /// <returns>返回一个 bool 值表示更新或增添是否成功。若指定的用户名不存在，则返回 false。</returns>
    /// <exception cref="System.InvalidOperationException"></exception>
    /// <exception cref="System.Data.SqlServerCe.SqlCeException"></exception>
    public static bool UpdateOrAppendAuth_PersonalInfo(Auth_PersonalInfo personalInfo)
    {
        // Check existence of User
        try
        {
            if (QueryUser(personalInfo.Username) == null) return false;
        }
        catch (System.InvalidOperationException eInvalidOperation)
        {
            throw eInvalidOperation;
        }
        catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
        {
            throw eSqlCe;
        }

        // Try to update the record
        SqlCeConnection conn = new SqlCeConnection(ConfigurationManager.ConnectionStrings["ConnectionString_IASDatabase"].ToString());
        SqlCeCommand cmdUpdate = new SqlCeCommand(
            "UPDATE [autn_PersonalInfo] " +
            "SET [Name] = @Name, " +
                "[FormerName] = @FormerName, " +
                "[DepartmentID] = @DepartmentID, " +
                "[DepartmentName] = @DepartmentName, " +
                "[MajorID] = @MajorID, " +
                "[MajorName] = @MajorName, " +
                "[Grade] = @Grade, " +
                "[EntryDate] = @EntryDate " +
            "WHERE [Username] = @Username",
            conn);
        cmdUpdate.Parameters.AddWithValue("@Username", personalInfo.Username);
        cmdUpdate.Parameters.AddWithValue("@Name", personalInfo.Name);
        cmdUpdate.Parameters.AddWithValue("@FormerName", personalInfo.FormerName);
        cmdUpdate.Parameters.AddWithValue("@DepartmentID", personalInfo.DepartmentID);
        cmdUpdate.Parameters.AddWithValue("@DepartmentName", personalInfo.DepartmentName);
        cmdUpdate.Parameters.AddWithValue("@MajorID", personalInfo.MajorID);
        cmdUpdate.Parameters.AddWithValue("@MajorName", personalInfo.MajorName);
        cmdUpdate.Parameters.AddWithValue("@Grade", personalInfo.Grade);
        cmdUpdate.Parameters.AddWithValue("@EntryDate", personalInfo.EntryDate);

        bool recordExists = true;
        try
        {
            conn.Open();
            if (cmdUpdate.ExecuteNonQuery() == 0) recordExists = false;
        }
        catch (System.InvalidOperationException eInvalidOperation)
        {
            throw eInvalidOperation;
        }
        catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
        {
            throw eSqlCe;
        }
        finally
        {
            conn.Close();
        }

        // No record then append
        if (!recordExists)
        {
            SqlCeCommand cmdAppend = new SqlCeCommand(
                "INSERT INTO [auth_PersonalInfo] ([Username], [Name], [FormerName], [DepartmentID], [DepartmentName], [MajorID], [MajorName], [Grade], [EntryDate]) " +
                "VALUES (@Username, @Name, @FormerName, @DepartmentID, @DepartmentName, @MajorID, @MajorName, @Grade, @EntryDate)",
                conn);
            cmdAppend.Parameters.AddWithValue("@Username", personalInfo.Username);
            cmdAppend.Parameters.AddWithValue("@Name", personalInfo.Name);
            cmdAppend.Parameters.AddWithValue("@FormerName", personalInfo.FormerName);
            cmdAppend.Parameters.AddWithValue("@DepartmentID", personalInfo.DepartmentID);
            cmdAppend.Parameters.AddWithValue("@DepartmentName", personalInfo.DepartmentName);
            cmdAppend.Parameters.AddWithValue("@MajorID", personalInfo.MajorID);
            cmdAppend.Parameters.AddWithValue("@MajorName", personalInfo.MajorName);
            cmdAppend.Parameters.AddWithValue("@Grade", personalInfo.Grade);
            cmdAppend.Parameters.AddWithValue("@EntryDate", personalInfo.EntryDate);

            try
            {
                conn.Open();
                cmdAppend.ExecuteNonQuery();
            }
            catch (System.InvalidOperationException eInvalidOperation)
            {
                throw eInvalidOperation;
            }
            catch (System.Data.SqlServerCe.SqlCeException eSqlCe)
            {
                throw eSqlCe;
            }
            finally
            {
                conn.Close();
            }
        }

        // Return success
        return true;
    }

    /// <summary>
    /// 通过指定的用户名查询一个学生的个人信息。（经过验证的）
    /// </summary>
    /// <param name="username">指定的用户名。</param>
    /// <returns>返回一个 Auth_PersonalInfo 表示查询到的学生的个人信息。若指定的用户名或记录不存在，则返回 false。</returns>
    public static Auth_PersonalInfo QueryAuth_PersonalInfo(string username);
}
